Committer: Bazaar Package Importer
Author(s): Stefan Lesicnik
Date: 2008-10-13 11:52:24 UTC
Revision ID: james.westby@ubuntu.com-20081013115224-6jqaxu06ijr4t33x
Tags: 3.0.4.1-2ubuntu1.1

  * SECURITY UPDATE: Directory traversal vulnerability in importxml.pl in
    Bugzilla before 2.22.5, and 3.x before 3.0.5, when --attach_path
    is enabled, allows remote attackers to read arbitrary files via an
    XML file with a .. (dot dot) in the data element. (LP: #281915)
    - debian/maintenance/33_CVE-2008-4437.sh: upstream patch with regex
      to remove any leading path data from the filename.
    - CVE-2008-4437
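
The mitigation named in the changelog entry above (strip leading path data from the file reference before it is joined to the attachment directory), sketched as an added example; it is not the upstream patch and not code from importxml.pl. The function names `strip_leading_path` and `resolve_attachment` are hypothetical, the sample references are constructed, and the containment check after stripping is an extra defensive step assumed here, not something the entry describes.

```perl
#!/usr/bin/perl
# Added example: not Bugzilla's importxml.pl and not the upstream patch.
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Temp qw(tempdir);

# Reduce an untrusted file reference to its last path component.
sub strip_leading_path {
    my ($name) = @_;
    return unless defined $name && length $name;
    return if $name =~ /\0/;              # reject embedded NUL bytes
    $name =~ s{^.*[/\\]}{}s;              # drop everything up to the last / or \
    return if $name eq '' || $name eq '.' || $name eq '..';
    return $name;
}

# Map the reference to a file directly inside $attach_path, or return nothing.
sub resolve_attachment {
    my ($attach_path, $name) = @_;
    my $leaf = strip_leading_path($name);
    return unless defined $leaf;
    my $base = abs_path($attach_path);
    return unless defined $base;
    my $candidate = File::Spec->catfile($base, $leaf);
    return unless -f $candidate;          # must be an existing regular file
    my $real = abs_path($candidate);      # resolves symlinks
    return unless defined $real && index($real, "$base/") == 0;
    return $real;
}

# Constructed demo data: a temporary attachment directory with one file.
my $dir = tempdir(CLEANUP => 1);
open(my $fh, '>', File::Spec->catfile($dir, 'patch.diff')) or die "open: $!";
print {$fh} "constructed sample attachment\n";
close($fh);

# Constructed values standing in for the file reference in the imported XML.
for my $ref ('patch.diff', '../../../etc/passwd', '..\\..\\boot.ini',
             '/etc/passwd', '..', 'uploads/') {
    my $path = resolve_attachment($dir, $ref);
    printf "%-22s => %s\n", $ref, defined $path ? 'accepted' : 'rejected';
}
```

Only `patch.diff` resolves; every other reference is reduced to a leaf name that either does not exist in the attachment directory or is empty, so nothing outside that directory is opened.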